With WordPress security plugins, you can add various types of security features that will help keep your WordPress website safe. This article gives you an overview of the options and briefly cover areas of concern you need to be aware of as a WordPress webmaster.

Keeping a website secure is not a trivial task and if you are using a popular platform like WordPress the threat level goes up a few more steps. It is not that WordPress is insecure in itself, but with hundreds of millions websites out there (and growing virally every day) it is worth the effort for hackers to search for exploits and create automated solutions to do the dirty work.

The community does a great job to keep WordPress a secure system, but whenever new features are added there is potentially a risk. Therefore, priority number one, is to only install extensions from trusted sources and then to keep both WordPress core, your theme and plugins up to date at any time. This is one of the areas where a WordPress security plugin can help you by monitoring your installation and warning you if some files need to be updated. Keep in mind though that it is not only WordPress files that need to be up to date. You need to ensure that your web server is maintained properly to avoid security problems with old versions of e.g. PHP. This is often taken care of by hosting companies if you have a fully managed plan, but if you are not sure, check it!

Another area where WordPress does not have best practice security build in is the user account and login process. There is no restriction concerning how many times a WordPress user can log and no checks on password strength. Again, this is an area where you can use security plugins for WordPress to add additional hardening to your website.

Finally, you may want to secure your site from internal users and keep an eye on what you do. This is very relevant if you run a multi author blog or have many guest writers. There are plugins for helping you manage the editorial work with multiple authors, check this article for inspiration, but from a security point of view you should consider to have audit trails (track who did what – we covered this topic here) and role plugins to have more fine grained permissions set up.

Keeping your website running all the time also require proper backup and restore processes. We have covered this topic previously in a post about WordPress backup plugins. Check it out and make sure you have a working backup when you need it…

In this article, I have collected more than 40 great WordPress security plugins you can use to improve the security level of you WordPress website. Please let me know in a comment
[exec]$filestr = file_get_contents(‘http://www.tripwiremagazine.com/googleadsensebelowmoretag.inc’);echo $filestr;[/exec]
Disclosure: Please note that some of the links below are affiliate links and I will earn a commission if you purchase through those links (at no extra cost to you). I recommend that you do your own independent research before purchasing any product or service. This article is not a guideline, a recommendation or endorsement of specific products.

Article Index, Jump to the section you want to read!

Full WordPress Security Suites

Security Ninja – MORE INFO / DEMO


Security Ninja is a premium WordPress Plugin that performs 31+ tests including Brute-Force Attacks. It also checks your site for security vulnerabilities, takes preventive measures against attacks, prevents 0-day exploit attacks and with code snippets included for quick fixes.

Wordfence Security – MORE INFO


Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is an advanced WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.

Bulletproof Security – MORE INFO


BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.

Better WP Security – MORE INFO


Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.With one-click activation for most features as well as advanced features for experienced users Better WP Security can help protect any site.

Website Defender WordPress Security – MORE INFO


The WebsiteDefender WordPress Security plugin is the ultimate must-have tool when it comes to WordPress security. The plugin is free and monitors your website for security weaknesses that hackers might exploit and tells you how to easily fix them. WebsiteDefender integrates with the plugin which allows you to see all your security alerts from your WordPress dashboard.

Total Security – MORE INFO


The Total Security plugin is the must-have tool when it comes security of your WordPress installation. The plugin monitors your website for security weaknesses that hackers might exploit and tells you how to easily fix them.

Role, Permissions and Login Security

Login Ninja – MORE INFO / DEMO


Login Ninja is a premium WordPress plugin that protects login and register forms with Captcha test. It automatically bans malicious IPs with a detailed log of all login related activities. It Also redirects users based on roles and usernames, protects from brute force attacks and prevent bots from registering.

User Role Editor – MORE INFO


User Role Editor WordPress plugin makes the role capabilities changing easy. With User Role Editor WordPress plugin you can change user role (except Administrator) capabilities easy, with a few clicks.

Role Scoper – MORE INFO


CMS-like permissions for reading and editing. Content-specific restrictions and roles supplement/override WordPress roles. User groups optional.

Members – MORE INFO


Members is a plugin that extends your control over your blog. It’s a user, role, and content management plugin that was created to make WordPress a more powerful CMS.

The foundation of the plugin is its extensive role and capability management system. This is the backbone of all the current features and planned future features.

User Access Manager  – MORE INFO


Advanced Access Manager is very powerful and flexible Access Control tool for your WordPress website. It supports Single WordPress installation and Multisite setup.

One Time Password – MORE INFO


This simple to use plugin enables you to login to your WordPress weblog using passwords which are valid for one session only. One-time passwords prevent stealing of your main WordPress password in less trustworthy environments, like internet cafés, for example by key loggers. The one-time password system conforms to RFC 2289 of the Internet Engineering Task Force (IETF).

WP Login Security 2 – MORE INFO


WP Login Security 2 provides enhanced security by requiring users to white list their IP address. If the IP address is not recognized, the plugin will send an email to the user with a link that contains a one-time key. Optionally the blog administrator can also be notified.If a user logs in from a known IP address no further action is required.

s2Member® Framework  – MORE INFO


This is a powerful (free) membership plugin for WordPress®. Protect members only content with roles/capabilities.

Limit Login Attempts – MORE INFO


Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords or hashes to be brute-force cracked with relative ease.Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.

User Locker – MORE INFO


This plugin locks user account after given number of incorrect login attempts. This makes brute force and dictionary attacks nearly impossible.

Login Security Solution – MORE INFO

Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.

MVIS Security Center – MORE INFO


MVIS Security Center shows you exactly how to lock down your setup and sends subscribed users real-time vulnerability alerts for their site.

Active Directory Integration – MORE INFO


This Plugin allows WordPress to authenticate, authorize, create and update users against an Active Directory Domain.It is very easy to set up. Just activate the plugin, type in a domain controller, and you’re done.

WordPress Security Scanners

Scheduled Scanner Add on for Security Ninja  – MORE INFO / DEMO


An add on for Security Ninja WordPress plugin. It is compatible with both Security Ninja & Core Scanner Add on. It is extremely easy to setup, allows email reports from scans and an easy to use GUI.

Block Bad Queries – MORE INFO

Block Bad Queries (BBQ) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution that works great for sites where .htaccess is not available. The BBQ script is available as a plugin for WordPress or standalone script for any PHP-powered website.

Exploit Scanner – MORE INFO

This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

Bad Behavior – MORE INFO


Bad Behavior prevents spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place.

WP Updates Notifier – MORE INFO


Monitors your WordPress installation for core, plugin and theme updates and emails you when they are available. This plugin is ideal if you don’t login to your WordPress admin regularly or you support a client’s website.

WordPress Https – MORE INFO


WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.

Anti – Malware – MORE INFO


This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and it helps you remove them.

AntiVirus – MORE INFO


Antivirus for WordPress is a easy and safe tool to protect your blog install against exploits, malware and spam injections. Useful plugin that will scan your theme templates for malicious injections.

Content Protection

Private Content – Secure Links Add on – MORE INFO / DEMO


Private Content can easily lock down any links you want with complete files protection. You have the option to precisely set who can access the links, either by a single user, all of the users or set by a category.

Watermark Hot Linked Images – MORE INFO / DEMO


Like many websites, you may be victim of “hotlinking” an external websites using your images without your permission. As the images are hosted on the server, the bandwidth is used and this without any compensation. The plugin “Hotlinked Watermark Images” allows you to take advantage of this situation by displaying a custom message on your images when they are displayed on external websites.

Email Encoder Bundle – MORE INFO


Encode mailto links and plain email addresses on your site and hide them from spambots. Easy to use, plugin works directly when activated.

Source Guard For WP Source Encoder Encryptor – MORE INFO / DEMO


Source Guard is WordPress plugin for encoding/encryption and obfuscating your website output source code. It offers tons of features like two encoding modules  (HTML obfuscator and JavaScript encoder) and  three website source protection modes. It works on the fly and with no special requirements only PHP 5.0 or PHP 5.x.

WP – DBManager – MORE INFO


Allows you to optimize database, repair database, backup database, restore database, delete backup database , drop/empty tables and run selected queries. Supports automatic scheduling of backing up, optimizing and repairing of database.

WordPress Audit Trail

Three WP Activity Monitor – MORE INFO


Displays a multitude of user actions to keep the site administrator informed that all is well and that the blog or network is not being abused. Three WP Activity Monitor Displays the following: logins (successful and failed) , retrieved and reset passwords, posts/pages created, updated, trashed, untrashed and deleted, comments approved, trashed, spammed, unspammed, trashed, untrashed and deleted, changed passwords, changed user info, user registrations, user deletions and custom activities from other plugins.

WP – Activity – MORE INFO


Monitor and display registered users activity like logins, posts and comments. You can also track and prevent hackering attempts, with IP blacklisting.

Audit Trail – MORE INFO


Audit Trail is a plugin to keep track of what is going on inside your blog. It does this by recording certain actions such as who logged in and then stored this information in the form of a log. It also records the full content of posts and pages and allows you to restore a post to a previous version at any time.

Simple Security – MORE INFO


Simple Security Plugin for WordPress is an access log to track logins and failed login attempts for the admin area of your WordPress Website.

WordPress File Monitor Plus – MORE INFO


Monitor files under your WP installation for changes. When a change occurs, be notified via email. This plugin is a fork of WordPress File Monitor.



This plugin adds invisible form fields to your comment form to protect your blog from automated spambots.

Infinite WP Client – MORE INFO


Install this plugin on unlimited sites and manage them all from a central dashboard. This plugin communicates with your InfiniteWP Admin Panel.

Visitor Maps Extended Referer Field – MORE INFO


Extend Visitor Maps and Who’s Online with extra features, such as IP and referrer banning. Display the referring host name and search string.

WordPress Sentinel – MORE INFO


This plugin acts as a sentinel that watches over your core WordPress programs plus installed themes and plugins and tells you when changes happen.

[exec]echo get_avatar( get_the_author_email(), ’80’ );[/exec]

Author : Lars Vraa


Pin It on Pinterest

Share This

Share This

Share this post with your friends!

WordPress Appliance - Powered by TurnKey Linux